<!DOCTYPE html>



  


<html class="theme-next muse use-motion" lang="zh-Hans">
<head><meta name="generator" content="Hexo 3.8.0">
  <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="theme-color" content="#222">









<meta http-equiv="Cache-Control" content="no-transform">
<meta http-equiv="Cache-Control" content="no-siteapp">
















  
  
  <link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css">







<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css">

<link href="/css/main.css?v=5.1.4" rel="stylesheet" type="text/css">


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png?v=5.1.4">


  <link rel="mask-icon" href="/images/logo.svg?v=5.1.4" color="#222">





  <meta name="keywords" content="Spring Security,">










<meta name="description" content="Spring Security 是一个可以为基于Spring的应用系统提供声明式的安全访问控制的安全框架。 它提供一组可在上下文配置的Bean，通过这些扩展和配置这些Bean，我们可以实现功能强大的、高度定制化的身份验证和访问的控制框架。 本篇将会分析 Spring Security 处理用户信息的几个重要的过滤器。">
<meta name="keywords" content="Spring Security">
<meta property="og:type" content="article">
<meta property="og:title" content="Spring  Security 源码分析二">
<meta property="og:url" content="http://sangaizhi.gitee.io/2018/12/12/2018-12-12-Spring-Security-Source-Analysis-2/index.html">
<meta property="og:site_name" content="sangaizhi-blog">
<meta property="og:description" content="Spring Security 是一个可以为基于Spring的应用系统提供声明式的安全访问控制的安全框架。 它提供一组可在上下文配置的Bean，通过这些扩展和配置这些Bean，我们可以实现功能强大的、高度定制化的身份验证和访问的控制框架。 本篇将会分析 Spring Security 处理用户信息的几个重要的过滤器。">
<meta property="og:locale" content="zh-Hans">
<meta property="og:updated_time" content="2018-12-16T15:43:53.146Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Spring  Security 源码分析二">
<meta name="twitter:description" content="Spring Security 是一个可以为基于Spring的应用系统提供声明式的安全访问控制的安全框架。 它提供一组可在上下文配置的Bean，通过这些扩展和配置这些Bean，我们可以实现功能强大的、高度定制化的身份验证和访问的控制框架。 本篇将会分析 Spring Security 处理用户信息的几个重要的过滤器。">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Muse',
    version: '5.1.4',
    sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="http://sangaizhi.gitee.io/2018/12/12/2018-12-12-Spring-Security-Source-Analysis-2/">





  <title>Spring  Security 源码分析二 | sangaizhi-blog</title>
  








</head>

<body itemscope="" itemtype="http://schema.org/WebPage" lang="zh-Hans">

  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>

    <header id="header" class="header" itemscope="" itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">sangaizhi-blog</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle"></p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br>
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/categories/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br>
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br>
            
            归档
          </a>
        </li>
      
        
        <li class="menu-item menu-item-tags">
          <a href="/tags/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-tags"></i> <br>
            
            标签
          </a>
        </li>
      
        
        <li class="menu-item menu-item-about">
          <a href="/about/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-user"></i> <br>
            
            关于
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="http://sangaizhi.gitee.io/2018/12/12/2018-12-12-Spring-Security-Source-Analysis-2/">

    <span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
      <meta itemprop="name" content="sangaizhi">
      <meta itemprop="description" content="">
      <meta itemprop="image" content="/images/avatar.gif">
    </span>

    <span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="sangaizhi-blog">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">Spring  Security 源码分析二</h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2018-12-12T20:32:15+08:00">
                2018-12-12
              </time>
            

            

            
          </span>

          
            <span class="post-category">
            
              <span class="post-meta-divider">|</span>
            
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              
                <span class="post-meta-item-text">分类于</span>
              
              
                <span itemprop="about" itemscope="" itemtype="http://schema.org/Thing">
                  <a href="/categories/spring-security/" itemprop="url" rel="index">
                    <span itemprop="name">spring security</span>
                  </a>
                </span>

                
                
              
            </span>
          

          
            
          

          
          

          

          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <pre><code>Spring Security 是一个可以为基于Spring的应用系统提供声明式的安全访问控制的安全框架。
它提供一组可在上下文配置的Bean，通过这些扩展和配置这些Bean，我们可以实现功能强大的、高度定制化的身份验证和访问的控制框架。
本篇将会分析 Spring Security 处理用户信息的几个重要的过滤器。
</code></pre><a id="more"></a>
<h3 id="一、-UsernamePasswordAuthenticationFilter-过滤器"><a href="#一、-UsernamePasswordAuthenticationFilter-过滤器" class="headerlink" title="一、 UsernamePasswordAuthenticationFilter 过滤器"></a>一、 UsernamePasswordAuthenticationFilter 过滤器</h3><p>&emsp;&emsp;<code>UsernamePasswordAuthenticationFilter</code> 主要是用来处理表单登录的请求，它的主要流程就是先调用父类的 <code>AbstractAuthenticationProcessingFilter</code> 的 <code>diFilter</code> 方法，在父类的 <code>doFilter</code> 方法中在调用自身的 <code>attemptAuthentication</code> 方法执行具体的认证,并根据认证结果决定是成功认证处理还是失败处理。<br><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br></pre></td><td class="code"><pre><span class="line">  <span class="function"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">doFilter</span><span class="params">(ServletRequest req, ServletResponse res, FilterChain chain)</span></span></span><br><span class="line"><span class="function">		<span class="keyword">throws</span> IOException, ServletException </span>&#123;</span><br><span class="line">	HttpServletRequest request = (HttpServletRequest) req;</span><br><span class="line">	HttpServletResponse response = (HttpServletResponse) res;</span><br><span class="line">   <span class="comment">// 1)、判断当前请filter是否可以处理当前请求，不可以就交由下一个过滤器处理</span></span><br><span class="line">	<span class="keyword">if</span> (!requiresAuthentication(request, response)) &#123;</span><br><span class="line">		chain.doFilter(request, response);</span><br><span class="line">		<span class="keyword">return</span>;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="keyword">if</span> (logger.isDebugEnabled()) &#123;</span><br><span class="line">		logger.debug(<span class="string">"Request is to process authentication"</span>);</span><br><span class="line">	&#125;</span><br><span class="line">   <span class="comment">// 认证信息及认证结果</span></span><br><span class="line">	Authentication authResult;</span><br><span class="line">	<span class="keyword">try</span> &#123;</span><br><span class="line">     <span class="comment">// 2)、 调用具体的过滤器（这里是 UsernamePasswordAuthenticationFilter）进行认证</span></span><br><span class="line">		authResult = attemptAuthentication(request, response);</span><br><span class="line">		<span class="keyword">if</span> (authResult == <span class="keyword">null</span>) &#123;</span><br><span class="line">       <span class="comment">// 认证信息为空，立即返回到子类，表名认证未完成</span></span><br><span class="line">			<span class="keyword">return</span>;</span><br><span class="line">		&#125;</span><br><span class="line">     <span class="comment">// 3)、 认证完成，并且根据认证信息来更新对应的session</span></span><br><span class="line">		sessionStrategy.onAuthentication(authResult, request, response);</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="keyword">catch</span> (InternalAuthenticationServiceException failed) &#123;</span><br><span class="line">     <span class="comment">// 认证失败，执行认证失败的一些操作</span></span><br><span class="line">		logger.error( <span class="string">"An internal error occurred while trying to authenticate the user."</span>, failed);</span><br><span class="line">		unsuccessfulAuthentication(request, response, failed);</span><br><span class="line">		<span class="keyword">return</span>;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="keyword">catch</span> (AuthenticationException failed) &#123;</span><br><span class="line">		unsuccessfulAuthentication(request, response, failed);</span><br><span class="line">		<span class="keyword">return</span>;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="keyword">if</span> (continueChainBeforeSuccessfulAuthentication) &#123;</span><br><span class="line">		chain.doFilter(request, response);</span><br><span class="line">	&#125;</span><br><span class="line">   <span class="comment">// 4)、认证成功，执行认证成功后的回调，主要是把认证信息放到 Spring 的上下文中</span></span><br><span class="line">	successfulAuthentication(request, response, chain, authResult);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>&emsp;&emsp;1). 判断当前的过滤器是否可以处理当前的请求，如果可以就继续有当前过滤器处理；如果不行就把请求交给过滤器链中的下一个过滤器处理;<br>&emsp;&emsp;2). 使用子类(这里是 <code>UsernamePasswordAuthenticationFilter</code> )的具体认证认证方法进行认证，并返回认证结果。<br>&emsp;&emsp;3). 认证成功以后，就执行一些与 <code>session</code> 相关的操作(创建新的 <code>session</code> 或者合并 <code>session</code> 或者什么也不做)<br>&emsp;&emsp;4). 认证成功后，执行成功认证的回调。在该回调中，Spring Security 执行的操作主要是把认证信息放到 <code>SecurityContextHolder</code> 中。在这个回调中，Spring Security 提供了一个接口供我们扩展该回调。比如记录日志等。</p>
<p>&emsp;&emsp;在上面的第二步中，调用了具体子类（<code>UsernamePasswordAuthenticationFilter</code>）的 <code>attemptAuthentication</code> 方法来执行具体的认证，该方法的源码如下：<br><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">   <span class="function"><span class="keyword">public</span> Authentication <span class="title">attemptAuthentication</span><span class="params">(HttpServletRequest request,</span></span></span><br><span class="line"><span class="function"><span class="params">     HttpServletResponse response)</span> <span class="keyword">throws</span> AuthenticationException </span>&#123;</span><br><span class="line">       <span class="comment">// 1)、判断该请求的请求方式是不是 POST， UsernamePasswordAuthenticationFilter 过滤器只处理 POST 请求</span></span><br><span class="line">     <span class="keyword">if</span> (postOnly &amp;&amp; !request.getMethod().equals(<span class="string">"POST"</span>)) &#123;</span><br><span class="line">       <span class="keyword">throw</span> <span class="keyword">new</span> AuthenticationServiceException(</span><br><span class="line">           <span class="string">"Authentication method not supported: "</span> + request.getMethod());</span><br><span class="line">     &#125;</span><br><span class="line">     <span class="comment">// 2)、从请求中取出 username 和 password</span></span><br><span class="line">     String username = obtainUsername(request);</span><br><span class="line">     String password = obtainPassword(request);</span><br><span class="line">     <span class="keyword">if</span> (username == <span class="keyword">null</span>) &#123;</span><br><span class="line">       username = <span class="string">""</span>;</span><br><span class="line">     &#125;</span><br><span class="line">     <span class="keyword">if</span> (password == <span class="keyword">null</span>) &#123;</span><br><span class="line">       password = <span class="string">""</span>;</span><br><span class="line">     &#125;</span><br><span class="line">     username = username.trim();</span><br><span class="line">     <span class="comment">// 3)、使用用户名和密码构建一个 Authentication，</span></span><br><span class="line">     UsernamePasswordAuthenticationToken authRequest = <span class="keyword">new</span> UsernamePasswordAuthenticationToken(</span><br><span class="line">         username, password);</span><br><span class="line">     <span class="comment">// 4)、一个可以扩展的地方，可以供子类设置 details 信息</span></span><br><span class="line">     setDetails(request, authRequest);</span><br><span class="line">    <span class="comment">// 5)、认证 Authentication，是否有效</span></span><br><span class="line">     <span class="keyword">return</span> <span class="keyword">this</span>.getAuthenticationManager().authenticate(authRequest);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>&emsp;&emsp;主要的步骤如下：<br>&emsp;&emsp;1). 判断当前拦截到的请求是不是 <code>POST</code> 方式的请求，<code>UsernamePasswordAuthenticationFilter</code> 这个过滤器只处理 <code>POST</code> 方式的请求。<br>&emsp;&emsp;2). 从当前请求的请求参数中取出用户名和密码，对应请求参数的名称是支持自定义的，默认是，自定义的方式如下：<br><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">protected</span> <span class="keyword">void</span> <span class="title">configure</span><span class="params">(HttpSecurity http)</span> <span class="keyword">throws</span> Exception </span>&#123;</span><br><span class="line">   http.formLogin().loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL) <span class="comment">// 配置需要认证时跳转的页面</span></span><br><span class="line">           .usernameParameter(<span class="string">"user"</span>)  <span class="comment">// 自定义用户名参数的名称</span></span><br><span class="line">           .passwordParameter(<span class="string">"pass"</span>) <span class="comment">// 自定义密码参数的名称</span></span><br><span class="line">           .loginProcessingUrl(securityProperties.getBrowser().getSignInProcessUrl()) <span class="comment">// 配置登录请求处理的url</span></span><br><span class="line">           .successHandler(customAuthenticationSuccessHandler) <span class="comment">// 登录成功处理器</span></span><br><span class="line">           .failureHandler(customAuthenticationFailureHandler); <span class="comment">// 登录失败处理器</span></span><br><span class="line"> &#125;</span><br></pre></td></tr></table></figure></p>
<p>&emsp;&emsp;3). 使用第二步拿到的用户名和密码构建一个未认证的 <code>Authentication</code>，其中包含密码信息，再认证成功后会进行密码擦除。<br>&emsp;&emsp;4). 在这一步中，是Spring Security 留给我们扩展的地方，我们可以通过继承 <code>UsernamePasswordAuthenticationFilter</code> 这个过滤器并重写 <code>setDetails</code> 方法来实现扩展。<br>&emsp;&emsp;5). 调用 <code>AuthenticationManager</code> 的具体实例(实际上是 <code>ProviderManager</code> )来认证当前的 <code>Authentication</code>，并返回认证结果。这一步的具体分下放到下一节。<br>至此， <code>UsernamePasswordAuthenticationFilter</code> 这个过滤器执行的主要操作已经分析完了。</p>
<h3 id="二、-BasicAuthenticationFilter-过滤器"><a href="#二、-BasicAuthenticationFilter-过滤器" class="headerlink" title="二、 BasicAuthenticationFilter 过滤器"></a>二、 BasicAuthenticationFilter 过滤器</h3><p>&emsp;&emsp;<code>BasicAuthenticationFilter</code> 这个过滤器主要的用途就是处理基于Basic认证方式的认证请求。<br>&emsp;&emsp;Basic 认证方式基本原理：在客户端端向 HTTP 服务器进行数据请求时，如果客户端么有被认证，Http服务器则会通过基本认证过程对客户端的用户名和密码进行验证，以决定客户端是否合法。客户端在接收到HTTP服务器的身份认证请求后，会提示输入用户名和密码，然后将用户名和密码进行 BASE64 加密，加密后的密文（BASE64(username+”:”+password)）将会附加在请求信息中.然后再每一次的请求数据时，都会讲密文附加在请求头中。<br>&emsp;&emsp;<code>BasicAuthenticationFilter</code> 过滤器在实现时继承了一个名字为 <code>OncePerRequestFilter</code> 的过滤器，<code>OncePerRequestFilter</code> 这个过滤器的主要作用就是屏蔽底层 Servlet 容器的过滤器对请求的处理次数的方式的不同，使得所有经过继承该类的过滤滤器的请求都只会被处理一次。<br>&emsp;&emsp;<code>BasicAuthenticationFilter</code> 基本认证过程就是先调用父类的 <code>doFilter</code> 方法，然后在父类的 <code>doFilter</code> 方法中调用 <code>BasicAuthenticationFilter</code> 的 <code>doFilterInternal</code> 方法来实际的认证客户端是否合法。主要代码如下：   </p>
<h4 id="1-父类-OncePerRequestFilter-的-doFilter-方法"><a href="#1-父类-OncePerRequestFilter-的-doFilter-方法" class="headerlink" title="1 父类 OncePerRequestFilter 的 doFilter 方法"></a>1 父类 <code>OncePerRequestFilter</code> 的 <code>doFilter</code> 方法</h4><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">public</span> <span class="keyword">final</span> <span class="keyword">void</span> <span class="title">doFilter</span><span class="params">(ServletRequest request, ServletResponse response, FilterChain filterChain)</span></span></span><br><span class="line"><span class="function">   <span class="keyword">throws</span> ServletException, IOException </span>&#123;</span><br><span class="line"> <span class="keyword">if</span> (!(request <span class="keyword">instanceof</span> HttpServletRequest) || !(response <span class="keyword">instanceof</span> HttpServletResponse)) &#123;</span><br><span class="line">   <span class="keyword">throw</span> <span class="keyword">new</span> ServletException(<span class="string">"OncePerRequestFilter just supports HTTP requests"</span>);</span><br><span class="line"> &#125;</span><br><span class="line"> HttpServletRequest httpRequest = (HttpServletRequest) request;</span><br><span class="line"> HttpServletResponse httpResponse = (HttpServletResponse) response;</span><br><span class="line"><span class="comment">// 1)、获取当前过滤器的名称,判断该过滤器是否已经处理过该请求</span></span><br><span class="line"> String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName();</span><br><span class="line"> <span class="keyword">boolean</span> hasAlreadyFilteredAttribute = request.getAttribute(alreadyFilteredAttributeName) != <span class="keyword">null</span>;</span><br><span class="line"> <span class="keyword">if</span> (hasAlreadyFilteredAttribute || skipDispatch(httpRequest) || shouldNotFilter(httpRequest)) &#123;</span><br><span class="line">   <span class="comment">// 调过当前的过滤器，由下一个过滤器继续执行</span></span><br><span class="line">   filterChain.doFilter(request, response);</span><br><span class="line"> &#125;</span><br><span class="line"> <span class="keyword">else</span> &#123;</span><br><span class="line">   <span class="comment">// 2)、设置当前过滤器已经处理过当前请求，这个操作和上面的判断相关</span></span><br><span class="line">   request.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE);</span><br><span class="line">   <span class="keyword">try</span> &#123;</span><br><span class="line">     <span class="comment">// 3)、调用子类的方式去实际的处理认证</span></span><br><span class="line">     doFilterInternal(httpRequest, httpResponse, filterChain);</span><br><span class="line">   &#125;</span><br><span class="line">   <span class="keyword">finally</span> &#123;</span><br><span class="line">     <span class="comment">// 认证完成了就需要移除掉当前请求的是否处理的标记</span></span><br><span class="line">     request.removeAttribute(alreadyFilteredAttributeName);</span><br><span class="line">   &#125;</span><br><span class="line"> &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<p>&emsp;&emsp;父类 <code>OncePerRequestFilter</code>的 <code>doFilter</code> 方法主要做的是事情总结就是：<br>&emsp;&emsp;1). 判断当前的 <code>Filter</code>(这里指 <code>BasicAuthenticationFilter</code>) 是否已经处理过当前的请求；如果处理过，则把当前的请求交给过滤器链中的下一个过滤器处理， 如果没有处理，则继续执行下面的步骤。<br>&emsp;&emsp;2). 通过往 request 中设置属性的方式来标记当前的 <code>Filter</code>已经处理过该请求。<br>&emsp;&emsp;3). 调用子类 <code>BasicAuthenticationFilter</code> 的 <code>doFilterInternal</code> 方法来具体的认证用户信息。<br>&emsp;&emsp;4). 移出之前往 request 中设置的标记属性。</p>
<h4 id="2-子类-BasicAuthenticationFilter-的-doFilterInternal-方法"><a href="#2-子类-BasicAuthenticationFilter-的-doFilterInternal-方法" class="headerlink" title="2 子类 BasicAuthenticationFilter 的 doFilterInternal 方法"></a>2 子类 <code>BasicAuthenticationFilter</code> 的 <code>doFilterInternal</code> 方法</h4><p>&emsp;&emsp; 这个方法是实际上认证客户端的地方。在这个方法里，Spring Security 会基于 Basic 认证方式从请求中拿出相应的信息来认证客户端。<br><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">@Override</span></span><br><span class="line"><span class="function"><span class="keyword">protected</span> <span class="keyword">void</span> <span class="title">doFilterInternal</span><span class="params">(HttpServletRequest request,</span></span></span><br><span class="line"><span class="function"><span class="params">   HttpServletResponse response, FilterChain chain)</span></span></span><br><span class="line"><span class="function">       <span class="keyword">throws</span> IOException, ServletException </span>&#123;</span><br><span class="line"> <span class="keyword">final</span> <span class="keyword">boolean</span> debug = <span class="keyword">this</span>.logger.isDebugEnabled();</span><br><span class="line"> <span class="comment">// 1)、从请求头拿出认证信息，并根据拿到的信息判断是不是需要使用  BasicAuthenticationFilter 过滤器进行认证</span></span><br><span class="line"> String header = request.getHeader(<span class="string">"Authorization"</span>);</span><br><span class="line"> <span class="keyword">if</span> (header == <span class="keyword">null</span> || !header.startsWith(<span class="string">"Basic "</span>)) &#123;</span><br><span class="line">   <span class="comment">// 不需要使用 BasicAuthenticationFilter 过滤器处理，直接交由下一个处理处理</span></span><br><span class="line">   chain.doFilter(request, response);</span><br><span class="line">   <span class="keyword">return</span>;</span><br><span class="line"> &#125;</span><br><span class="line"></span><br><span class="line"> <span class="keyword">try</span> &#123;</span><br><span class="line">   <span class="comment">// 2)、从请求头中拿到 用户名和密码信息，主要操作就是 BASE64解密和用户名密码拆分</span></span><br><span class="line">   String[] tokens = extractAndDecodeHeader(header, request);</span><br><span class="line">   <span class="comment">// 要求认证信息是包含两部分（用户名和密码）</span></span><br><span class="line">   <span class="keyword">assert</span> tokens.length == <span class="number">2</span>;</span><br><span class="line">   <span class="comment">// 用户名</span></span><br><span class="line">   String username = tokens[<span class="number">0</span>];</span><br><span class="line">   <span class="comment">// 省略日志记录的代码</span></span><br><span class="line">   <span class="comment">// 3)、判断用户名是否需要认证（已经认证过的用户不需要认证，从上下文拿到认证信息）</span></span><br><span class="line">   <span class="keyword">if</span> (authenticationIsRequired(username)) &#123;</span><br><span class="line">     <span class="comment">// 4)、根基用户名创建认证信息</span></span><br><span class="line">     UsernamePasswordAuthenticationToken authRequest = <span class="keyword">new</span> UsernamePasswordAuthenticationToken(</span><br><span class="line">         username, tokens[<span class="number">1</span>]);</span><br><span class="line">     authRequest.setDetails(</span><br><span class="line">         <span class="keyword">this</span>.authenticationDetailsSource.buildDetails(request));</span><br><span class="line">    <span class="comment">// 5)、从所有的 认证管理器中的找出支持认证当前 authRequest 的认证器认证当前的 authRequest，关于选择哪一个认证在下一节分析</span></span><br><span class="line">     Authentication authResult = <span class="keyword">this</span>.authenticationManager</span><br><span class="line">         .authenticate(authRequest);</span><br><span class="line">     SecurityContextHolder.getContext().setAuthentication(authResult);</span><br><span class="line">     <span class="keyword">this</span>.rememberMeServices.loginSuccess(request, response, authResult);</span><br><span class="line">     <span class="comment">// 6)、成功认证处理</span></span><br><span class="line">     onSuccessfulAuthentication(request, response, authResult);</span><br><span class="line">   &#125;</span><br><span class="line"> &#125;</span><br><span class="line"> <span class="keyword">catch</span> (AuthenticationException failed) &#123;</span><br><span class="line">   SecurityContextHolder.clearContext();</span><br><span class="line">   <span class="keyword">this</span>.rememberMeServices.loginFail(request, response);</span><br><span class="line">   <span class="comment">// 7)、认证失败处理</span></span><br><span class="line">   onUnsuccessfulAuthentication(request, response, failed);</span><br><span class="line">   <span class="keyword">if</span> (<span class="keyword">this</span>.ignoreFailure) &#123;</span><br><span class="line">     chain.doFilter(request, response);</span><br><span class="line">   &#125;</span><br><span class="line">   <span class="keyword">else</span> &#123;</span><br><span class="line">     <span class="keyword">this</span>.authenticationEntryPoint.commence(request, response, failed);</span><br><span class="line">   &#125;</span><br><span class="line">   <span class="keyword">return</span>;</span><br><span class="line"> &#125;</span><br><span class="line"> chain.doFilter(request, response);</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="comment">/**</span></span><br><span class="line"><span class="comment"> * 从请求头中抽取用户名和密码信息</span></span><br><span class="line"><span class="comment"> */</span></span><br><span class="line"><span class="keyword">private</span> String[] extractAndDecodeHeader(String header, HttpServletRequest request)</span><br><span class="line">			<span class="keyword">throws</span> IOException &#123;</span><br><span class="line">    <span class="comment">// 5.1)、请求头中 Authorization 属性的值得一部分（Basic  后面的一部分，注意空格）</span></span><br><span class="line">    <span class="comment">// Authorization 的值类似于 Basic jdfklasjkfagdfjsdasdasdasdasdas</span></span><br><span class="line">		<span class="keyword">byte</span>[] base64Token = header.substring(<span class="number">6</span>).getBytes(<span class="string">"UTF-8"</span>);</span><br><span class="line">		<span class="keyword">byte</span>[] decoded;</span><br><span class="line">		<span class="keyword">try</span> &#123;</span><br><span class="line">      <span class="comment">// 2)、BASE64 解密 认证信息</span></span><br><span class="line">			decoded = Base64.decode(base64Token);</span><br><span class="line">		&#125;</span><br><span class="line">		<span class="keyword">catch</span> (IllegalArgumentException e) &#123;</span><br><span class="line">			<span class="keyword">throw</span> <span class="keyword">new</span> BadCredentialsException( <span class="string">"Failed to decode basic authentication token"</span>);</span><br><span class="line">		&#125;</span><br><span class="line">		String token = <span class="keyword">new</span> String(decoded, getCredentialsCharset(request));</span><br><span class="line">    <span class="comment">// 认证信息中用户名和密码的分隔符</span></span><br><span class="line">		<span class="keyword">int</span> delim = token.indexOf(<span class="string">":"</span>);</span><br><span class="line">		<span class="keyword">if</span> (delim == -<span class="number">1</span>) &#123;</span><br><span class="line">			<span class="keyword">throw</span> <span class="keyword">new</span> BadCredentialsException(<span class="string">"Invalid basic authentication token"</span>);</span><br><span class="line">		&#125;</span><br><span class="line">    <span class="comment">// 把解密后的认证信息用 ':' 分隔符分开，并组成一个数组返回</span></span><br><span class="line">    <span class="keyword">return</span> <span class="keyword">new</span> String[] &#123; token.substring(<span class="number">0</span>, delim), token.substring(delim + <span class="number">1</span>) &#125;;</span><br><span class="line">	&#125;</span><br></pre></td></tr></table></figure></p>
<p><code>BasicAuthenticationFilter</code> 的 <code>doFilterInternal</code> 方法总结：<br>&emsp;&emsp;1). 从请求头里面拿到用户的认证信息（header  里面的 Authorization 属性）；如果拿不到，就直接把该请求交给下一个 <code>Filter</code> 处理，拿到了也需要判断是不是 <code>Basic</code> 认证，是的话才会继续下去。<br>&emsp;&emsp;2). 从请求头里面取出用户名和密码两个信息：<br>&emsp;&emsp;&emsp; 2.1). 截取请求头中 <code>Authorization</code> 属性值的一部分(‘Basic ‘后面的那部分)；<br>&emsp;&emsp;&emsp; 2.2). 将截取得到的字符串进行 BASE64 解码，得到解码后的字符串；<br>&emsp;&emsp;&emsp; 2.3). 根据 ‘:’ 分隔符将解密后字符串分割成两部分，前一部分就是用户名，后一部分就是密码；<br>&emsp;&emsp;&emsp; 2.4). 把用户名和密码组成数组返回；<br>&emsp;&emsp;3). 判断用户是否需要认证，主要是判断当前用户名是否已经认证（从 <code>SecurityContextHolder</code> 中判断）,需要认证则继续下面的判断，否则交给下一个 <code>Filter</code>；<br>&emsp;&emsp;4). 用前面拿到的用户名和密码构造一个还未认证的 <code>Authentication</code> 。<br>&emsp;&emsp;5). 使用 Spring Security 的所有认证管理器(包括自定义的)中找出支持认证当前 <code>Authentication</code> 的认证器去认证当前的 <code>Authentication</code>,具体怎么选择在下一届分析；<br>&emsp;&emsp;6). 认证成功处理，和 <code>UsernamePasswordAuthenticationFilter</code> 一样，里面是支持自定义扩展的。<br>&emsp;&emsp;7). 认证失败处理。</p>
<h3 id="三、-AnonymousAuthenticationFilter-过滤器"><a href="#三、-AnonymousAuthenticationFilter-过滤器" class="headerlink" title="三、 AnonymousAuthenticationFilter 过滤器"></a>三、 AnonymousAuthenticationFilter 过滤器</h3><p>&emsp;&emsp; <code>AnonymousAuthenticationFilter</code> 这个过滤器在名称上就可以看出一个匿名认证的过滤器。它的主要作用就是在 Spring Security 需要认证，但 <code>SecurityContextHolder</code> 中恰巧又没有一个 <code>Authentication</code> 对象时，使用一个随机UUID、名称为<code>anonymousUser</code>的用户名和包含橘色<code>ROLE_ANONYMOUS</code>的authorities 去创建一个匿名的 <code>Authentication</code> 。并将这个 <code>Authentication</code> 放到 SecurityContextHolder 中。<br>下面来看一下核心部分的代码：</p>
<h5 id="1-第一个看的就是-的-doFilter-方法"><a href="#1-第一个看的就是-的-doFilter-方法" class="headerlink" title="1. 第一个看的就是  的  doFilter 方法"></a>1. 第一个看的就是 <code></code> 的  <code>doFilter</code> 方法</h5><pre><code><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">doFilter</span><span class="params">(ServletRequest req, ServletResponse res, FilterChain chain)</span></span></span><br><span class="line"><span class="function">   <span class="keyword">throws</span> IOException, ServletException </span>&#123;</span><br><span class="line"></span><br><span class="line"> <span class="keyword">if</span> (SecurityContextHolder.getContext().getAuthentication() == <span class="keyword">null</span>) &#123;</span><br><span class="line">   SecurityContextHolder.getContext().setAuthentication(</span><br><span class="line">       createAuthentication((HttpServletRequest) req));</span><br><span class="line"> &#125;</span><br><span class="line"> chain.doFilter(req, res);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

从代码中可以看出在判断 SecurityContextHolder 中没有 `Authentication` 时，就去创建一个 `Authentication`。所以第二个看的就是它如何创建一个 `Authentication` 的。
</code></pre><h5 id="2-创建-Authentication-的方法"><a href="#2-创建-Authentication-的方法" class="headerlink" title="2. 创建 Authentication 的方法"></a>2. 创建 <code>Authentication</code> 的方法</h5><pre><code><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">protected</span> Authentication <span class="title">createAuthentication</span><span class="params">(HttpServletRequest request)</span> </span>&#123;</span><br><span class="line">   AnonymousAuthenticationToken auth = <span class="keyword">new</span> AnonymousAuthenticationToken(key,</span><br><span class="line">       principal, authorities);</span><br><span class="line">   auth.setDetails(authenticationDetailsSource.buildDetails(request));</span><br><span class="line">   <span class="keyword">return</span> auth;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
</code></pre><p>可以看出在创建这个 <code>Authorization</code>的时候，代码中使用一个三个变量：</p>
<ul>
<li>key, 来源于构造方法的参数，构造方法是在 <code>AnonymousConfigurer</code> 这个类的 <code>init</code>方法中调用的，而 <code>init</code> 方法是通过 <code>UUID.randomUUID().toString()</code> 这样方式产生 key 的。所以说这个 key  就是一个随机的 UUID。</li>
<li>principal, 相当于用户名，这个属性来源可以是<code>AnonymousConfigurer</code> 这个类的 <code>init</code>方法,也可以 <code>AnonymousAuthenticationFilter</code>  本身构造方法的字符串常量。当然，这两个来源得到的值都是一样的，就是字符串 anonymousUser，所以这个类创建的 <code>Authentication</code> 的用户名就是 anonymousUser，所以这个类创建的。</li>
<li>authorities, 代表当前匿名用户拥有的角色，和 <code>principal</code> 变量一样，有两个来源，并且产生的结果都是包含一个名称为ROLE_ANONYMOUS 的角色。</li>
</ul>

      
    </div>
    
    
    

    

    

    

    <footer class="post-footer">
      
        <div class="post-tags">
          
            <a href="/tags/Spring-Security/" rel="tag"># Spring Security</a>
          
        </div>
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/2018/12/09/2018-12-09-Spring-Security-Source-Analysis-1/" rel="next" title="Spring  Security 源码分析一">
                <i class="fa fa-chevron-left"></i> Spring  Security 源码分析一
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/2018/12/16/2018-12-16-Spring-Security-Source-Analysis-3/" rel="prev" title="Spring  Security 源码分析三">
                Spring  Security 源码分析三 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          

  



        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview-wrap">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview-wrap sidebar-panel">
        <div class="site-overview">
          <div class="site-author motion-element" itemprop="author" itemscope="" itemtype="http://schema.org/Person">
            
              <p class="site-author-name" itemprop="name">sangaizhi</p>
              <p class="site-description motion-element" itemprop="description"></p>
          </div>

          <nav class="site-state motion-element">

            
              <div class="site-state-item site-state-posts">
              
                <a href="/archives/">
              
                  <span class="site-state-item-count">18</span>
                  <span class="site-state-item-name">日志</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-categories">
                <a href="/categories/index.html">
                  <span class="site-state-item-count">4</span>
                  <span class="site-state-item-name">分类</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-tags">
                <a href="/tags/index.html">
                  <span class="site-state-item-count">17</span>
                  <span class="site-state-item-name">标签</span>
                </a>
              </div>
            

          </nav>

          

          

          
          

          
          

          

        </div>
      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            
            
              <div class="post-toc-content">  <ol class="nav"><li class="nav-item nav-level-3"><a class="nav-link" href="#一、-UsernamePasswordAuthenticationFilter-过滤器"><span class="nav-number">1.</span> <span class="nav-text">一、 UsernamePasswordAuthenticationFilter 过滤器</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#二、-BasicAuthenticationFilter-过滤器"><span class="nav-number">2.</span> <span class="nav-text">二、 BasicAuthenticationFilter 过滤器</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#1-父类-OncePerRequestFilter-的-doFilter-方法"><span class="nav-number">2.1.</span> <span class="nav-text">1 父类 OncePerRequestFilter 的 doFilter 方法</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#2-子类-BasicAuthenticationFilter-的-doFilterInternal-方法"><span class="nav-number">2.2.</span> <span class="nav-text">2 子类 BasicAuthenticationFilter 的 doFilterInternal 方法</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#三、-AnonymousAuthenticationFilter-过滤器"><span class="nav-number">3.</span> <span class="nav-text">三、 AnonymousAuthenticationFilter 过滤器</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#1-第一个看的就是-的-doFilter-方法"><span class="nav-number">3.0.1.</span> <span class="nav-text">1. 第一个看的就是  的  doFilter 方法</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-创建-Authentication-的方法"><span class="nav-number">3.0.2.</span> <span class="nav-text">2. 创建 Authentication 的方法</span></a></li></ol></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; <span itemprop="copyrightYear">2018</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">sangaizhi</span>

  
</div>


  <div class="powered-by">由 <a class="theme-link" target="_blank" href="https://hexo.io">Hexo</a> 强力驱动</div>



  <span class="post-meta-divider">|</span>



  <div class="theme-info">主题 &mdash; <a class="theme-link" target="_blank" href="https://github.com/iissnan/hexo-theme-next">NexT.Muse</a> v5.1.4</div>




        







        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  












  
  
    <script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>
  

  
  
    <script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
  

  
  
    <script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
  


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.1.4"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.1.4"></script>



  
  

  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.4"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.4"></script>



  


  




	





  





  












  





  

  

  

  
  

  

  

  

</body>
</html>
